CVE-2025-0945
Published: 01 February 2025
Summary
CVE-2025-0945 is a medium-severity Injection (CWE-74) vulnerability in Angeljudesuarez Tailoring Management System. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection by validating the 'id' argument in typedelete.php before incorporation into database queries.
Enforces restrictions on the 'id' parameter, such as type and format checks, to reject SQL injection payloads.
Mandates timely remediation of the identified SQL injection flaw in Tailoring Management System 1.0.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in public-facing web application (Tailoring Management System) enables exploitation of public-facing applications (T1190) and unauthorized access to/querying of databases for data collection (T1213.006).
NVD Description
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack…
more
remotely. The exploit has been disclosed to the public and may be used.
Deeper analysisAI
CVE-2025-0945 is a critical SQL injection vulnerability in itsourcecode Tailoring Management System 1.0. The flaw resides in an unknown function within the file typedelete.php, where manipulation of the "id" argument triggers the injection. Published on 2025-02-01, it is remotely exploitable and carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), with associated CWEs CWE-74 and CWE-89.
An attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, potentially allowing unauthorized data access, modification, or denial of service within the application's database.
Advisories and references are available at https://github.com/magic2353112890/cve/issues/7, https://itsourcecode.com/, https://vuldb.com/?ctiid.294300, and https://vuldb.com/?id.294300. The exploit has been publicly disclosed and may be used, though no specific patch or mitigation details are provided in the CVE data.
Details
- CWE(s)